
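A Case Study of the Computerized Information Cycle under the Internal Control Criteria: Using BS7799 Information Security and COBIT Control Objectives as Examples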

A Case Study of Computerized Information Circle of Criteria Governing the Internal Control with BS 7799 and COBIT

Advisors: 簡俱揚, 周濟群

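Abstract

Business operations are growing more complex and organizations are growing larger, and the vast majority of enterprises now rely on computerized information systems to manage their large volumes of corporate data in order to simplify procedures, improve operational efficiency, and strengthen management functions. Continuing advances in information technology raise enterprise competitiveness, and the related information tools keep being renewed. Because the information held in computer systems must be kept secure, information security has become an increasingly important issue.

This study uses a case-study approach. The 127 control items under the ten major control areas of BS7799 information security management were presented as a questionnaire to the case company's MIS manager, MIS staff, audit manager, audit staff, and administration department manager. The primary data obtained were tested with statistical methods to learn the case company's views and perceptions of the 127 BS7799 control items. In addition, questions were designed from DS5, M2, and M4 of the Control Objectives for Information and related Technology (COBIT), and the case company's executive managers, MIS manager, and audit manager were interviewed to understand the company's views and perceptions of information security and computer auditing from the COBIT perspective.

The results show that using the BS7799 information security management items and the COBIT control objectives together to understand a company's internal audit of information security is feasible, and that the two make up for each other's shortcomings. The establishment of information security management systems is gradually gaining momentum domestically, and it is hoped that the results of this study can serve as a reference for enterprises establishing an information security management system.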

Keywords

COBIT; BS7799; information security; internal audit; computer audit

Parallel Abstract


Recently, most enterprises rely on information systems to carry out their tremendous data processing. With sophisticated information systems, those firms can simplify their business processes, raise their efficiency, and help their managers manage disorderly general affairs. Information technology continues to advance, and the computer has become a necessary tool, like the stick for blind people. As a result, many companies are going to join the emerging market. On the other hand, since most companies use information systems to assist their work, these systems have become a main target, like honey for bees, for people trying to hack into those enterprises' computer systems to steal information that might be priceless. Therefore, information system security is, like SARS, the main issue in those firms that make heavy use of information systems. As information system security has become the main concern, in this case study I use a live survey to examine how the MIS department managers, engineers, and internal auditors implement BS7799 in their field. With the data collected from the live survey and through statistical analysis, I gathered the views of those cases regarding the 127 control items of BS7799. In addition, using DS5, M2, and M4 of the Control Objectives for Information and related Technology (COBIT), I interviewed all the MIS department managers, engineers, and auditors to learn the opinions of those companies on information security and computer auditing. As a result, I realized through BS7799 and COBIT that it can proceed after those companies have been run through BS7799 and COBIT. They are practicable, complementary, and valuable.
Information security management systems are an ad hoc and popular topic in Taiwan. I hope that this study can provide some affirmation for enterprises in Taiwan if they are going to build their information security systems.

Cited By


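徐正 (2006). A Study of Information Security Management Effectiveness after Organizational Adoption of BS7799 [Master's thesis, Tamkang University]. Airiti Library. https://doi.org/10.6846%2fTKU.2006.00360
林宇溱 (2015). An Investigation of Key Success Factors for Introducing ISO 27001 into Information Security Policy [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840%2fcycu201500619
彭及福 (2015). Design and Implementation of a Host Security Audit Tool [Master's thesis, Chung Yuan Christian University]. Airiti Library. https://doi.org/10.6840%2fcycu201500580
吳振昀 (2007). A Study of the Impact of Introducing Information Security Management Mechanisms in the Financial Services Industry [Master's thesis, National Taipei University of Technology]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0006-0908200716454100
蘇世豪 (2010). A Study of Key Success Factors for ISO27001 Certification in the Telecommunications Industry [Master's thesis, National Taipei University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0023-2207201023493300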
